registry  /  @astraguard/sdk  /  1.2.2

@astraguard/sdk@1.2.2

License key management SDK with HWID binding, software protection, fraud detection and encrypted file distribution for developers

AI Security Review

scanned 2h ago · by lpm-firewall-ai

No confirmed malicious attack surface is established. Importing provides a license-management SDK; explicit security APIs can hash caller-provided files and terminate the host on detected tampering.

Static reason
High-risk behavior combination matched malicious policy.
Trigger
Consumer imports the SDK and explicitly calls its client or security APIs.
Impact
Expected licensing and anti-tamper behavior; no unconsented install-time or persistence behavior found.
Mechanism
Configured license API requests and opt-in runtime integrity checks.
Rationale
Direct inspection shows an obfuscated but package-aligned licensing SDK with no consumer install hook or concrete malicious chain. The scanner's protestware label is unsupported by the inspected source.
Evidence
package.jsonREADME.mddist/index.d.tsdist/index.jsdist/index.mjs

Decision evidence

public snapshot
AI called this Clean at 86.0% confidence as Benign with medium false-positive risk.
Evidence for block
  • `dist/index.js` and `dist/index.mjs` are heavily obfuscated.
  • `dist/index.d.ts` exposes opt-in anti-debug and integrity functions that can terminate the host process when enabled.
Evidence against
  • `package.json` has only publisher-side `prepublishOnly`, with no install-time hook.
  • No child-process, shell, eval, or package file-write primitive was found in the inspected bundle.
  • `readFileSync` in `dist/index.mjs` hashes caller-supplied paths for the documented integrity baseline.
  • Network requests use `fetch` for the documented license API configured by the consumer.
  • `README.md` and declarations consistently describe license, HWID, update, and opt-in protection features.
  • No credential harvesting, exfiltration endpoint, persistence, destructive action, or AI-agent configuration mutation was found.
Behavioral surface
Source
DynamicRequire
Supply chain
MinifiedProtestwareTrivial
ManifestNo manifest risk signals triggered.
scanned 2 file(s), 1.19 MB of source

Source & flagged code

1 flagged · loading source
dist/index.jsView file
1'use strict';(function(d,e){const oS={d:0x65,e:0x61c,f:0x120,g:0x494,h:0x451,i:'\x4e\x5e\x6f\x66',j:0x79d,k:0x566,l:0x4,m:0x601,n:'\x51\x49\x64\x33',o:0xf0b,p:0xdc7,q:0xd2c,r:0xb98...
Medium
Dynamic Require

Package source references dynamic require/import behavior.

dist/index.jsView on unpkg · L1

Findings

1 Critical1 Medium2 Low
CriticalProtestware
MediumDynamic Requiredist/index.js
LowNon Install Lifecycle Scripts
LowScripts Present